Salesforce social identity provider
| Social authentication is deprecated and will be removed in a future release of IDM. For more information, see Deprecation. |
|
When you configure a Salesforce app, look for a Consumer Key and a Consumer Secret. IDM uses this information as a For reference, read through the following Salesforce documentation: Connected Apps Overview. |
Set up Salesforce
|
These instructions were written with the Winter '19 Release of the Salesforce API. The menu items might differ slightly if you are working with a different version of the API. |
-
To set up Salesforce as a social identity provider, you will need a Salesforce developer account. Log in to the Salesforce Developers Page with your developer account credentials and create a new Connected App.
-
Under App Setup, select Create > Apps > Connected Apps > New. You will need to add the following information:
-
Connected App Name
-
API Name (defaults to the Connected App Name)
-
Contact Email
-
Activate Enable OAuth Settings
-
Callback URL (also known as the Redirect URI for other providers), for example
https://localhost:8443.The Callback URL must correspond to the log-in URL for the IDM admin UI.
-
-
Add the following OAuth scopes:
-
Access and Manage your data (api)
-
Access your basic information (id, profile, email, address, phone)
-
Perform requests on your behalf at any time (refresh_token, offline_access)
-
Provide access to your data via the Web (web)
You must add these scopes even if you are planning to use the fullOAuth scope.
-
-
After you have saved the Connected App, it might take a few minutes for the new app to appear under Administration Setup > Manage Apps > Connected Apps.
-
Select the new Connected App then locate the Consumer Key and Consumer Secret (under the API list). You’ll use that information as shown here:
-
Salesforce Consumer Key = IDM Client ID
-
Salesforce Consumer Secret = IDM Client Secret
-
Configure a Salesforce social identity provider
To configure a Salesforce social identity provider using the admin UI:
-
From the navigation bar, click Configure > Social ID Providers.
-
On the Social Identity Providers page, enable Salesforce.
-
In the Salesforce Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, see Salesforce Social Identity Provider Configuration Details.
After you save the social identity provider configuration, IDM generates a conf/identityProvider-salesforce.json file:
{
"provider" : "salesforce",
"authorizationEndpoint" : "https://login.salesforce.com/services/oauth2/authorize",
"tokenEndpoint" : "https://login.salesforce.com/services/oauth2/token",
"userInfoEndpoint" : "https://login.salesforce.com/services/oauth2/userinfo",
"clientId" : "<someUUID>",
"clientSecret" : {
"$crypto" : {
"type" : "x-simple-encryption",
"value" : {
"cipher" : "AES/CBC/PKCS5Padding",
"stableId" : "openidm-sym-default",
"salt" : "<hashValue>",
"data" : "<encryptedValue>",
"keySize" : 16,
"purpose" : "idm.config.encryption",
"iv" : "<encryptedValue>",
"mac" : "<hashValue>"
}
}
},
"scope" : [
"id",
"api",
"web"
],The file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you’ve registered a user with a Salesforce social identity, you can verify this by selecting Manage > Salesforce, and then selecting a user.
Another part of the file includes a propertyMap, which maps user information entries between the source (social identity provider) and the target (IDM).
If you need more information about the properties in this file, refer to the following appendix: Salesforce Social Identity Provider Configuration Details.
Configure user registration to link to Salesforce
Once you’ve configured the Salesforce social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, see Self-service end user UI.
When you enable Social Registration, you’re allowing users to register on IDM through all active social identity providers.
Salesforce social identity provider configuration details
You can set up the Salesforce social identity provider through the admin UI or in a conf/identityProvider-salesforce.json file. IDM generates the identityProvider-salesforce.json file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually.
The following table includes the information shown in the admin UI Salesforce Provider pop-up window, along with associated information in the identityProvider-salesforce.json file:
| Property (UI) | Property (JSON file) | Description |
|---|---|---|
Client ID |
|
The client identifier for your Salesforce App |
Client Secret |
|
Used with the Client ID to access the applicable Salesforce API |
Scope |
|
An array of strings that allows access to user data |
Authorization Endpoint |
|
A typical URL: |
Token Endpoint |
|
Endpoint that receives a one-time authorization code, and returns an access token; such as |
User Info Endpoint |
|
Endpoint that transmits scope-related fields; a typical URL: |
Not in the admin UI |
|
Name of the social identity provider |
Not in the admin UI |
|
Configuration class for the authentication module |
Not in the admin UI |
|
Whether to use basic authentication |
Not in the admin UI |
|
Mapping between Salesforce and IDM |